I think if I had been the one to find such a security problem, I would have reported it anonymously to the ministry, police, and privacy commisioner.

Probably was not a good idea to say...1. that he performed a specific action to get the access (mapped a drive through the Open File dialog in Word)2. searched through files which he unquestionably knew he was not supposed to access3. read files which he unquestionably knew he was not supposed to access4. sounds like he actually might have sent the files to himself as well5. he says he was tipped off about it, which means that somebody he knew (or anon) had access before him

At the least, the guy is probably going to have his computers seized for analysis and be interviewed by police.

sleemanj: I think if I had been the one to find such a security problem, I would have reported it anonymously to the ministry, police, and privacy commisioner.

Probably was not a good idea to say...1. that he performed a specific action to get the access (mapped a drive through the Open File dialog in Word)2. searched through files which he unquestionably knew he was not supposed to access3. read files which he unquestionably knew he was not supposed to access4. sounds like he actually might have sent the files to himself as well5. he says he was tipped off about it, which means that somebody he knew (or anon) had access before him

At the least, the guy is probably going to have his computers seized for analysis and be interviewed by police.

Probably not actually. If YOU did it, then sure. But he's a journalist, even if for a small but popular blogging network. They won't risk the bad PR from attacking the press directly because the press will close ranks and make the government out to be the devil incarnate.

The sad thing is that I know other government departments with similar issues.

just read the blog entry....unbelievable. There is no face big enough in the world to contain the number of palms required for this. It looks like it may have even been possible to copy over some of their hyper v machines??? Is this the department that was just talking about making a new database for at risk children that would definitely be secure or was that a different one?